Prev: cracking an old zip password
Next: A simple scheme of combining PRNGs
From: Bryan on 5 Jun 2010 13:28
Mok-Kong Shen wrote:
> I like also take this opportunity to say that the present theme occured
> to me during discussions in a thread on Hillcipher, where one
> participant seemed to be extremely "sensitive" to linearity from
> matrices, which led me to look for possibility of exploiting the
> convenience of matrix formalism also in non-linear computational
> matters

Yeah -- we're a bit "sensitive" to weak ciphers, wrong results, and
false claims. Sci.crypt has seen a lot of novice cryptographers post
ciphers that immediately fall to purely linear solutions. Truth be
told: had Usenet been around when I was twelve years old, I probably
would have been among them. I have some empathy for crypto novices.

So I have empathy for crypto novices. Clueless newbies are not the
problem -- heck we're all mostly-clueless on most fields. On
sci.crypt, Mok-Kong Shen stands alone, in that he keeps proposing
trivially-breakable linear ciphers, over and over, year after year, in
face of break after break.

From: Mok-Kong Shen on 13 Jun 2010 02:52
Mok-Kong Shen wrote:

>>> If f11(x) etc. are functions of x, one can namely e.g. use
>>>
>>> | f11 f12 | | x1 |
>>> | | * | |
>>> | f21 f22 | | x2 |
>>>
>>> to express the vector
>>>
>>> | f11(x1) + f12(x2) |
>>> | |
>>> | f21(x1) + f22(x2) |
>>
>> [Addendum] One could evidently, if desired, also adopt the convention
>> that in the vector above + be substituted by xor, while leaving the
>> functions unchanged. On the symbolic level, one could write/discuss
>> M1*M2, M^(-1), C = M * P, etc., as is familiar in linear algebra.
>
> I like also to mention, though trivial, that one would for practical
> computatonal reasons in the present context preferably consider a
> matrix to be an operator acting on a vector, so that M1*M2*V is always
> computed as M1*(M2*V), rather than one first computes a matrix M3=M1*M2
> and evaluate M3*V. To obtain a pseudo-random non-singular matrix, which
> e.g. could be useful for encryption purposes, one would preferably
> generate it as a product L*U.

In this L*U form there are in our case m^2 arbitrary user-specified
non-linear functions for matrix dimension m. On decryption, one needs
the inverse of the diagonal elements of U. While this can be fairly
efficiently done computationally, if the functions are e.g., as we
recommended, full-cycle permutation polynomials mod 2^n, the computation
process can be somewhat simplified, if the diagonal elements of both
L and U are all 1. This reduction from m^2 "varaibles" to m^2-m
evidently wouldn't be a problem in general, since we have (arbitrarily
specifiable) non-linearity at our disposal anyway. It may be noted that
one could, for example, use a PRNG (e.g. also of type permutation
polynomial) based on a (distinct) message-key to dynamically generate
L*U and use each L*U to encrypt, if desired, only m/2 vectors of
dimension m, which would even render any attempts of determining the
contents of L*U from the corresponding plaintext and ciphertext vectors
principally impossible owing to "indeterminacy" (we assume here m >= 4,
to be exact).

M. K. Shen
--------------------------------------------------------------------------

[OT] In an attempt to reduce annoyance to the general readers, I am
unfortunately forced to forgo any opportunities of discussion with
those, who have the unnice impulse (urge, "Drang" in German) to
overload their posts with bandwidth-wasting personal stuffs and/or
bad words, by placing them into my kill-file. Those who dislike my
posts for whatever reasons are requested to kindly put me into their
kill-files as well.



First  |  Prev  | 
Pages: 1 2
Prev: cracking an old zip password
Next: A simple scheme of combining PRNGs